Merge pull request #2998 in SNORT/snort3 from ~PRBHALER/snort3:sip to master
authorRuss Combs (rucombs) <rucombs@cisco.com>
Wed, 25 Aug 2021 20:16:53 +0000 (20:16 +0000)
committerRuss Combs (rucombs) <rucombs@cisco.com>
Wed, 25 Aug 2021 20:16:53 +0000 (20:16 +0000)
Squashed commit of the following:

commit 7a9104eaafb9a37030540bd69a354bd95b371520
Author: Pranav Bhalerao <prbhaler@cisco.com>
Date:   Mon Jul 26 11:13:19 2021 -0400

    flow: introduce bidirectional flag for expected session.

14 files changed:
cmake/FindDAQ.cmake
src/flow/expect_cache.cc
src/flow/expect_cache.h
src/flow/flow_control.cc
src/flow/flow_control.h
src/flow/test/flow_cache_test.cc
src/flow/test/flow_control_test.cc
src/framework/base_api.h
src/network_inspectors/appid/appid_session.cc
src/network_inspectors/appid/appid_session.h
src/network_inspectors/appid/detector_plugins/detector_sip.cc
src/packet_io/sfdaq_instance.cc
src/stream/stream.cc
src/stream/stream.h

index b92f0003043cfeb94aa3a31b97d38b68f266e084..6f74a496b280f72247202323af1ca9e0f20e1caf 100644 (file)
@@ -16,7 +16,7 @@ This module defines:
 #]=======================================================================]
 
 find_package(PkgConfig)
-pkg_check_modules(PC_DAQ libdaq>=3.0.4)
+pkg_check_modules(PC_DAQ libdaq>=3.0.5)
 
 # Use DAQ_INCLUDE_DIR_HINT and DAQ_LIBRARIES_DIR_HINT from configure_cmake.sh as primary hints
 # and then package config information after that.
index e6748772cdfc9afcbfe46cfe8993c98887bcabe9..1f185780d2d52ddb641abdbc666ce4bd36c66482 100644 (file)
@@ -317,7 +317,8 @@ ExpectCache::~ExpectCache()
  */
 int ExpectCache::add_flow(const Packet *ctrlPkt, PktType type, IpProtocol ip_proto,
     const SfIp* cliIP, uint16_t cliPort, const SfIp* srvIP, uint16_t srvPort, char direction,
-    FlowData* fd, SnortProtocolId snort_protocol_id, bool swap_app_direction, bool expect_multi)
+    FlowData* fd, SnortProtocolId snort_protocol_id, bool swap_app_direction, bool expect_multi,
+    bool bidirectional)
 {
     /* Just pull the VLAN ID, MPLS ID, and Address Space ID from the
         control packet until we have a use case for not doing so. */
@@ -395,6 +396,10 @@ int ExpectCache::add_flow(const Packet *ctrlPkt, PktType type, IpProtocol ip_pro
             unsigned flag = 0;
             if (expect_multi)
                 flag |= DAQ_EFLOW_ALLOW_MULTIPLE;
+
+            if (bidirectional)
+                flag |= DAQ_EFLOW_BIDIRECTIONAL;
+
             ctrlPkt->daq_instance->add_expected(ctrlPkt, cliIP, cliPort, srvIP, srvPort,
                     ip_proto, 1000, flag);
         }
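Review bot: `bidirectional` is consumed only in this DAQ branch, where it becomes `DAQ_EFLOW_BIDIRECTIONAL` on the `add_expected()` call; nothing in the visible parts of `add_flow` changes how the expect cache itself records or matches the entry. The same commit removes the reverse-direction `createRtpFlow` call in detector_sip.cc, so confirm that a media flow initiated from the other endpoint is still matched when the enclosing condition (not shown) is false, otherwise those flows would go unclassified. The new parameter should also be described in the header comment above `add_flow`, for example `bidirectional: ask the DAQ to match the expected flow in either direction`. The function begins before the first hunk and continues past this one.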
index 5b5313bab478ef087c2a28966c60fad14be68179..1f88aac38c176dfc7afc38bd52842d21427b6e2c 100644 (file)
@@ -98,7 +98,7 @@ public:
     int add_flow(const snort::Packet *ctrlPkt, PktType, IpProtocol, const snort::SfIp* cliIP,
         uint16_t cliPort, const snort::SfIp* srvIP, uint16_t srvPort, char direction,
         snort::FlowData*, SnortProtocolId snort_protocol_id = UNKNOWN_PROTOCOL_ID,
-        bool swap_app_direction = false, bool expect_multi = false);
+        bool swap_app_direction = false, bool expect_multi = false, bool bidirectional = false);
 
     bool is_expected(snort::Packet*);
     bool check(snort::Packet*, snort::Flow*);
index fc8bff39da77397aad4f66227c1f6b206336753d..20245dd2602f0b8e9b77a5cf1f99b2e172eb146b 100644 (file)
@@ -573,10 +573,11 @@ int FlowControl::add_expected_ignore( const Packet* ctrlPkt, PktType type, IpPro
 
 int FlowControl::add_expected( const Packet* ctrlPkt, PktType type, IpProtocol ip_proto,
     const SfIp *srcIP, uint16_t srcPort, const SfIp *dstIP, uint16_t dstPort,
-    SnortProtocolId snort_protocol_id, FlowData* fd, bool swap_app_direction, bool expect_multi)
+    SnortProtocolId snort_protocol_id, FlowData* fd, bool swap_app_direction, bool expect_multi,
+    bool bidirectional)
 {
     return exp_cache->add_flow( ctrlPkt, type, ip_proto, srcIP, srcPort, dstIP, dstPort,
-        SSN_DIR_BOTH, fd, snort_protocol_id, swap_app_direction, expect_multi);
+        SSN_DIR_BOTH, fd, snort_protocol_id, swap_app_direction, expect_multi, bidirectional);
 }
 
 bool FlowControl::is_expected(Packet* p)
index de1930301dce4dbe19b9af71964e8ff5f2fdc000..006931440d343a0b302a31ca654a51ea49569b7e 100644 (file)
@@ -79,7 +79,8 @@ public:
 
     int add_expected(const snort::Packet* ctrlPkt, PktType, IpProtocol, const snort::SfIp *srcIP,
         uint16_t srcPort, const snort::SfIp *dstIP, uint16_t dstPort, SnortProtocolId snort_protocol_id,
-        snort::FlowData*, bool swap_app_direction = false, bool expect_multi = false);
+        snort::FlowData*, bool swap_app_direction = false, bool expect_multi = false,
+        bool bidirectional = false);
 
     class ExpectCache* get_exp_cache()
     { return exp_cache; }
index 582818dd10c145c5f198a526123ea74306aeee8b..9a74618ca0b6d328a2290c154716071af1c051be 100644 (file)
@@ -121,7 +121,7 @@ void Stream::stop_inspection(Flow*, Packet*, char, int32_t, int) { }
 
 
 int ExpectCache::add_flow(const Packet*, PktType, IpProtocol, const SfIp*, uint16_t,
-    const SfIp*, uint16_t, char, FlowData*, SnortProtocolId, bool, bool)
+    const SfIp*, uint16_t, char, FlowData*, SnortProtocolId, bool, bool, bool)
 {
     return 1;
 }
index d03fb7aea28ac4f1f8888f067d14964817205984..f7bb208d79b1916c63cdfb6ec618eee766a60330 100644 (file)
@@ -167,7 +167,7 @@ int ExpectCache::add_flow(const Packet*,
     PktType, IpProtocol,
     const SfIp*, uint16_t,
     const SfIp*, uint16_t,
-    char, FlowData*, SnortProtocolId, bool, bool)
+    char, FlowData*, SnortProtocolId, bool, bool, bool)
 {
     return 1;
 }
index 45a3a8873d765b46440a663dad61e3744f258813..e416771bedce148d4fe3eaa22cd4efb816f49a14 100644 (file)
@@ -29,7 +29,7 @@
 
 // this is the current version of the base api
 // must be prefixed to subtype version
-#define BASE_API_VERSION 5
+#define BASE_API_VERSION 6
 
 // set options to API_OPTIONS to ensure compatibility
 #ifndef API_OPTIONS
index d57c6422c2ec192e722af89aaf3a37ffe4ec3d24..ef39c79811121c306446bd6617ddc341bae4123b 100644 (file)
@@ -209,7 +209,7 @@ static inline PktType get_pkt_type_from_ip_proto(IpProtocol proto)
 
 AppIdSession* AppIdSession::create_future_session(const Packet* ctrlPkt, const SfIp* cliIp,
     uint16_t cliPort, const SfIp* srvIp, uint16_t srvPort, IpProtocol proto,
-    SnortProtocolId snort_protocol_id, bool swap_app_direction)
+    SnortProtocolId snort_protocol_id, bool swap_app_direction, bool bidirectional)
 {
     char src_ip[INET6_ADDRSTRLEN];
     char dst_ip[INET6_ADDRSTRLEN];
@@ -228,7 +228,7 @@ AppIdSession* AppIdSession::create_future_session(const Packet* ctrlPkt, const S
     is_session_monitored(asd->flags, ctrlPkt, *inspector);
 
     if (Stream::set_snort_protocol_id_expected(ctrlPkt, type, proto, cliIp,
-        cliPort, srvIp, srvPort, snort_protocol_id, asd, swap_app_direction))
+        cliPort, srvIp, srvPort, snort_protocol_id, asd, swap_app_direction, false, bidirectional))
     {
         if (appidDebug->is_active())
         {
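Review bot: The bare `false` passed for `expect_multi` sits between two other bools, so a reader cannot tell which option each argument sets, and a later reorder of the three trailing defaults would still compile. Label the literal at the call, `swap_app_direction, /*expect_multi*/ false, bidirectional))`, and do the same for the `false, true` pairs added to both `create_future_session` calls in detector_sip.cc. A small flags enum would avoid the growing run of defaulted bools, but that is an API change beyond this hunk.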
index f8bcdd452127c54d861cb9761e0831cc0323a219..9ed1cf72c32a8c84fa7c17ff225a49ccd4570f77 100644 (file)
@@ -236,7 +236,8 @@ public:
     static AppIdSession* allocate_session(const snort::Packet*, IpProtocol,
         AppidSessionDirection, AppIdInspector&, OdpContext&);
     static AppIdSession* create_future_session(const snort::Packet*, const snort::SfIp*, uint16_t,
-        const snort::SfIp*, uint16_t, IpProtocol, SnortProtocolId, bool swap_app_direction=false);
+        const snort::SfIp*, uint16_t, IpProtocol, SnortProtocolId, bool swap_app_direction=false,
+        bool bidirectional=false);
     void initialize_future_session(AppIdSession&, uint64_t);
 
     size_t size_of() override
index 714597ae6342d18d908ca7fdd1f2fc2770e6b5c6..3342c6a7947d83fca87509973f406dab75053cb0 100644 (file)
@@ -181,7 +181,7 @@ void SipServiceDetector::createRtpFlow(AppIdSession& asd, const Packet* pkt, con
 {
     AppIdSession* fp = AppIdSession::create_future_session(
         pkt, cliIp, cliPort, srvIp, srvPort, protocol,
-        asd.config.snort_proto_ids[PROTO_INDEX_SIP]);
+        asd.config.snort_proto_ids[PROTO_INDEX_SIP], false, true);
 
     if ( fp )
     {
@@ -200,7 +200,7 @@ void SipServiceDetector::createRtpFlow(AppIdSession& asd, const Packet* pkt, con
 
     AppIdSession* fp2 = AppIdSession::create_future_session(
         pkt, cliIp, cliPort + 1, srvIp, srvPort + 1, protocol,
-        asd.config.snort_proto_ids[PROTO_INDEX_SIP]);
+        asd.config.snort_proto_ids[PROTO_INDEX_SIP], false, true);
 
     if ( fp2 )
     {
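Review bot: `cliPort + 1` and `srvPort + 1` are converted to the `uint16_t` parameters of `create_future_session`, so a media port of 65535 wraps to 0, and with `bidirectional` now `true` that expectation is requested for both directions. The ports appear to come from SIP media data (see the `media_a->get_port()` arguments in `addFutureRtpFlows`), which is remote-controlled input, so a guard before this second call is worth adding, e.g. `if (cliPort == UINT16_MAX || srvPort == UINT16_MAX) return;`. The body of `createRtpFlow` starts and ends outside this hunk, so an existing check elsewhere in it cannot be ruled out.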
@@ -235,8 +235,6 @@ void SipServiceDetector::addFutureRtpFlows(SipEvent& event, AppIdSession& asd)
     {
         createRtpFlow(asd, event.get_packet(), media_a->get_address(), media_a->get_port(),
             media_b->get_address(), media_b->get_port(), IpProtocol::UDP);
-        createRtpFlow(asd, event.get_packet(), media_b->get_address(), media_b->get_port(),
-            media_a->get_address(), media_b->get_port(), IpProtocol::UDP);
 
         media_a = session_a->next_media_data();
         media_b = session_b->next_media_data();
index a3e0c694cbe34189eeb88dee49cb40d4932410a7..4f506e3d85ad95c0a7434fc20c950c9068032bbc 100644 (file)
@@ -390,6 +390,8 @@ int SFDAQInstance::add_expected(const Packet* ctrlPkt, const SfIp* cliIP, uint16
     if (flags & DAQ_EFLOW_ALLOW_MULTIPLE)
         d_cef.flags |= DAQ_EFLOW_ALLOW_MULTIPLE;
 
+    if (flags & DAQ_EFLOW_BIDIRECTIONAL)
+        d_cef.flags |= DAQ_EFLOW_BIDIRECTIONAL;
 /*
     if (flags & DAQ_DC_FLOAT)
         d_cef.flags |= DAQ_EFLOW_FLOAT;
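Review bot: Each flag is copied into `d_cef.flags` by its own `if`, so a flag set by a caller that has no matching branch here is dropped without any diagnostic. With two flags now handled, a single masked copy keeps the allow-list in one place: `d_cef.flags |= flags & (DAQ_EFLOW_ALLOW_MULTIPLE | DAQ_EFLOW_BIDIRECTIONAL);`. A blank line between the new `if` and the commented-out block would also match the spacing used above. The function starts before this hunk and continues after it.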
index c0ca827ff0450de410830157f68836cfa3703ecc..028c6e2763e277907ea32ea60091f245db93c622 100644 (file)
@@ -386,13 +386,14 @@ int Stream::set_snort_protocol_id_expected(
     const Packet* ctrlPkt, PktType type, IpProtocol ip_proto,
     const SfIp* srcIP, uint16_t srcPort,
     const SfIp* dstIP, uint16_t dstPort,
-    SnortProtocolId snort_protocol_id, FlowData* fd, bool swap_app_direction, bool expect_multi)
+    SnortProtocolId snort_protocol_id, FlowData* fd, bool swap_app_direction, bool expect_multi,
+    bool bidirectional)
 {
     assert(flow_con);
 
     return flow_con->add_expected(
         ctrlPkt, type, ip_proto, srcIP, srcPort, dstIP, dstPort, snort_protocol_id, fd,
-        swap_app_direction, expect_multi);
+        swap_app_direction, expect_multi, bidirectional);
 }
 
 void Stream::set_snort_protocol_id_from_ha(
index 0ef87b9c948620b9e130095a8116fc2158c397dc..e99007a929822308946304daee938ab30320c4ca 100644 (file)
@@ -173,7 +173,7 @@ public:
     static int set_snort_protocol_id_expected(
         const Packet* ctrlPkt, PktType, IpProtocol, const snort::SfIp* srcIP, uint16_t srcPort,
         const snort::SfIp* dstIP, uint16_t dstPort, SnortProtocolId, FlowData*,
-        bool swap_app_direction = false, bool expect_multi = false);
+        bool swap_app_direction = false, bool expect_multi = false, bool bidirectional = false);
 
     // Get pointer to application data for a flow based on the lookup tuples for cases where
     // Snort does not have an active packet that is relevant.